AVrecon Malware-Infected Routers Exploited as Residential Proxies by SocksEscort

TLP:CLEAR

Summary

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and identified tactics, techniques, and procedures (TTPs) associated with AVrecon malware. This malware has been observed targeting routers and other Internet of Things (IOT) devices, located in approximately 163 countries around the world, including the United States. Threat actors have been found to compromise routers, install AVrecon malware, and then sell access to the compromised devices as residential proxies using the SocksEscort residential proxy service. SocksEscort is believed to have compromised and sold access to approximately 369,000 devices since 2020.

The release of this FLASH follows the coordinated takedown of the SocksEscort service through a joint law enforcement operation. This operation was conducted by the FBI and partners at EUROPOL, France’s Office of Anti-Cybercriminalité (OFAC), the Dutch National Police, Austria’s Bundeskriminalamt (BK), the DoD Office of Inspector General’s Defense Criminal Investigative Service (DCIS), and the U.S. Internal Revenue Service (IRS).

Please click here to read more detail

TLP:CLEAR